Packages
livebook
0.9.0
0.19.8
0.19.7
0.19.6
0.19.5
0.19.4
0.19.3
0.19.2
0.19.1
0.19.0
0.18.6
0.18.5
0.18.4
0.18.3
0.18.2
0.18.1
0.18.0
0.17.3
0.17.2
0.17.1
0.17.0
0.16.4
0.16.3
0.16.2
0.16.1
0.16.0
0.15.5
0.15.4
0.15.3
0.15.2
0.15.1
0.15.0
0.14.7
0.14.6
0.14.5
0.14.4
0.14.3
0.14.2
0.14.1
0.14.0
0.14.0-rc.1
0.14.0-rc.0
0.13.3
0.13.2
0.13.1
0.13.0
0.12.1
0.12.0
0.11.4
0.11.3
0.11.2
0.11.1
0.11.0
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.2
0.8.1
0.8.0
0.7.2
0.7.1
0.7.0
0.6.3
0.6.2
0.6.1
0.6.0
0.5.2
0.5.1
0.5.0
0.4.1
0.4.0
0.3.2
0.3.1
0.3.0
0.2.3
0.2.2
0.2.1
0.2.0
0.1.2
0.1.1
0.1.0
Automate code & data workflows with interactive notebooks
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
lib/livebook_web/router.ex
defmodule LivebookWeb.Router do
use LivebookWeb, :router
import Phoenix.LiveDashboard.Router
pipeline :browser do
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_live_flash
plug :put_root_layout, {LivebookWeb.Layouts, :root}
# Because LIVEBOOK_SECRET_KEY_BASE authentication is randomly
# generated, the odds of getting a CSRFProtection is quite high
# and exceptions can lead to a poor user experience.
#
# During authentication, configure_session(renew: true) will
# override the configure_session(ignore: true) but the session
# will be cleared anyway. This means an attacker can authenticate
# someone in a given Livebook instance but they wouldn't be able
# to do anything once the authentication goes through.
plug :protect_from_forgery, with: :clear_session
plug :put_secure_browser_headers
plug :within_iframe_secure_headers
end
pipeline :auth do
plug LivebookWeb.AuthPlug
plug LivebookWeb.UserPlug
end
pipeline :user do
plug LivebookWeb.UserPlug
end
pipeline :js_view_assets do
plug :put_secure_browser_headers
plug :within_iframe_secure_headers
end
# The /public namespace includes routes with no authentication.
# When exposing Livebook through an authentication proxy, this
# namespace should be configured as publicly available, in order
# for all features to work as expected.
scope "/public", LivebookWeb do
pipe_through :browser
get "/health", HealthController, :index
end
# The following routes are public, but should be treated as opaque
scope "/public", LivebookWeb do
pipe_through [:js_view_assets]
get "/sessions/assets/:hash/*file_parts", SessionController, :show_cached_asset
get "/sessions/:id/assets/:hash/*file_parts", SessionController, :show_asset
end
live_session :default, on_mount: [LivebookWeb.AuthHook, LivebookWeb.UserHook] do
scope "/", LivebookWeb do
pipe_through [:browser, :auth]
live "/", HomeLive, :page
live "/home/sessions/:session_id/close", HomeLive, :close_session
live "/home/sessions/edit_sessions/:action", HomeLive, :edit_sessions
live "/open/:tab", OpenLive, :page
live "/settings", SettingsLive, :page
live "/settings/add-file-system", SettingsLive, :add_file_system
live "/settings/env-var/new", SettingsLive, :add_env_var
live "/settings/env-var/edit/:env_var_id", SettingsLive, :edit_env_var
live "/learn", LearnLive, :page
live "/learn/notebooks/:slug", LearnLive, :notebook
live "/apps", AppsLive, :page
live "/hub", Hub.NewLive, :new, as: :hub
live "/hub/:id", Hub.EditLive, :edit, as: :hub
live "/hub/:id/env-var/new", Hub.EditLive, :add_env_var, as: :hub
live "/hub/:id/env-var/edit/:env_var_id", Hub.EditLive, :edit_env_var, as: :hub
live "/hub/:id/secrets/new", Hub.EditLive, :new_secret, as: :hub
live "/hub/:id/secrets/edit/:secret_name", Hub.EditLive, :edit_secret, as: :hub
live "/sessions/:id", SessionLive, :page
live "/sessions/:id/shortcuts", SessionLive, :shortcuts
live "/sessions/:id/secrets", SessionLive, :secrets
live "/sessions/:id/settings/runtime", SessionLive, :runtime_settings
live "/sessions/:id/settings/file", SessionLive, :file_settings
live "/sessions/:id/bin", SessionLive, :bin
get "/sessions/:id/export/download/:format", SessionController, :download_source
live "/sessions/:id/export/:tab", SessionLive, :export
live "/sessions/:id/cell-settings/:cell_id", SessionLive, :cell_settings
live "/sessions/:id/cell-upload", SessionLive, :cell_upload
live "/sessions/:id/delete-section/:section_id", SessionLive, :delete_section
live "/sessions/:id/package-search", SessionLive, :package_search
get "/sessions/:id/images/:image", SessionController, :show_image
live "/sessions/:id/*path_parts", SessionLive, :catch_all
end
# Public authenticated URLs that people may be directed to
scope "/", LivebookWeb do
pipe_through [:browser, :auth]
live "/import", OpenLive, :public_import
live "/open", OpenLive, :public_open
end
end
live_session :apps, on_mount: [LivebookWeb.AppAuthHook, LivebookWeb.UserHook] do
scope "/", LivebookWeb do
pipe_through [:browser, :user]
live "/apps/:slug", AppLive, :page
live "/apps/:slug/authenticate", AppAuthLive, :page
live "/apps/:slug/source", AppLive, :source
end
end
scope "/" do
pipe_through [:browser, :auth]
live_dashboard "/dashboard",
metrics: LivebookWeb.Telemetry,
home_app: {"Livebook", :livebook},
ecto_repos: []
end
scope "/authenticate", LivebookWeb do
pipe_through :browser
get "/", AuthController, :index
post "/", AuthController, :authenticate
end
defp within_iframe_secure_headers(conn, _opts) do
if Livebook.Config.within_iframe?() do
delete_resp_header(conn, "x-frame-options")
else
conn
end
end
end